Stay Secure with the Latest Linux Advisories

Explore Latest Linux Security advisories


Red Hat Enterprise Linux 8 RHSA-2023-4864 Important: CUPS Info Leak

Red Hat Security Advisory

Synopsis: Important: cups security update
Advisory ID: RHSA-2023:4864-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2023:4864
Issue date: 2023-08-29
CVE Names: CVE-2023-32360

1. Summary:

An update for cups is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64
Red Hat Enterprise Linux BaseOS (v. 8) - aarch64, ppc64le, s390x, x86_64

3. Description:

The Common UNIX Printing System (CUPS) provides a portable printing layer for Linux, UNIX, and similar operating systems.

Security Fix(es):

* cups: Information leak through Cups-Get-Document operation (CVE-2023-32360)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing this update, the cupsd service will be restarted automatically.

5. Bugs fixed (https://bugzilla.redhat.com/):

2230495 - CVE-2023-32360 cups: Information leak through Cups-Get-Document operation

6. Package List:

Red Hat Enterprise Linux AppStream (v.8):

aarch64:
cups-2.2.6-51.el8_8.1.aarch64.rpm
cups-client-2.2.6-51.el8_8.1.aarch64.rpm
cups-client-debuginfo-2.2.6-51.el8_8.1.aarch64.rpm
cups-debuginfo-2.2.6-51.el8_8.1.aarch64.rpm
cups-debugsource-2.2.6-51.el8_8.1.aarch64.rpm
cups-devel-2.2.6-51.el8_8.1.aarch64.rpm
cups-ipptool-2.2.6-51.el8_8.1.aarch64.rpm
cups-ipptool-debuginfo-2.2.6-51.el8_8.1.aarch64.rpm
cups-libs-debuginfo-2.2.6-51.el8_8.1.aarch64.rpm
cups-lpd-2.2.6-51.el8_8.1.aarch64.rpm
cups-lpd-debuginfo-2.2.6-51.el8_8.1.aarch64.rpm

noarch:
cups-filesystem-2.2.6-51.el8_8.1.noarch.rpm

ppc64le:
cups-2.2.6-51.el8_8.1.ppc64le.rpm
cups-client-2.2.6-51.el8_8.1.ppc64le.rpm
cups-client-debuginfo-2.2.6-51.el8_8.1.ppc64le.rpm
cups-debuginfo-2.2.6-51.el8_8.1.ppc64le.rpm
cups-debugsource-2.2.6-51.el8_8.1.ppc64le.rpm
cups-devel-2.2.6-51.el8_8.1.ppc64le.rpm
cups-ipptool-2.2.6-51.el8_8.1.ppc64le.rpm
cups-ipptool-debuginfo-2.2.6-51.el8_8.1.ppc64le.rpm
cups-libs-debuginfo-2.2.6-51.el8_8.1.ppc64le.rpm
cups-lpd-2.2.6-51.el8_8.1.ppc64le.rpm
cups-lpd-debuginfo-2.2.6-51.el8_8.1.ppc64le.rpm

s390x:
cups-2.2.6-51.el8_8.1.s390x.rpm
cups-client-2.2.6-51.el8_8.1.s390x.rpm
cups-client-debuginfo-2.2.6-51.el8_8.1.s390x.rpm
cups-debuginfo-2.2.6-51.el8_8.1.s390x.rpm
cups-debugsource-2.2.6-51.el8_8.1.s390x.rpm
cups-devel-2.2.6-51.el8_8.1.s390x.rpm
cups-ipptool-2.2.6-51.el8_8.1.s390x.rpm
cups-ipptool-debuginfo-2.2.6-51.el8_8.1.s390x.rpm
cups-libs-debuginfo-2.2.6-51.el8_8.1.s390x.rpm
cups-lpd-2.2.6-51.el8_8.1.s390x.rpm
cups-lpd-debuginfo-2.2.6-51.el8_8.1.s390x.rpm

x86_64:
cups-2.2.6-51.el8_8.1.x86_64.rpm
cups-client-2.2.6-51.el8_8.1.x86_64.rpm
cups-client-debuginfo-2.2.6-51.el8_8.1.i686.rpm
cups-client-debuginfo-2.2.6-51.el8_8.1.x86_64.rpm
cups-debuginfo-2.2.6-51.el8_8.1.i686.rpm
cups-debuginfo-2.2.6-51.el8_8.1.x86_64.rpm
cups-debugsource-2.2.6-51.el8_8.1.i686.rpm
cups-debugsource-2.2.6-51.el8_8.1.x86_64.rpm
cups-devel-2.2.6-51.el8_8.1.i686.rpm
cups-devel-2.2.6-51.el8_8.1.x86_64.rpm
cups-ipptool-2.2.6-51.el8_8.1.x86_64.rpm
cups-ipptool-debuginfo-2.2.6-51.el8_8.1.i686.rpm
cups-ipptool-debuginfo-2.2.6-51.el8_8.1.x86_64.rpm
cups-libs-debuginfo-2.2.6-51.el8_8.1.i686.rpm
cups-libs-debuginfo-2.2.6-51.el8_8.1.x86_64.rpm
cups-lpd-2.2.6-51.el8_8.1.x86_64.rpm
cups-lpd-debuginfo-2.2.6-51.el8_8.1.i686.rpm
cups-lpd-debuginfo-2.2.6-51.el8_8.1.x86_64.rpm

Red Hat Enterprise Linux BaseOS (v. 8):

Source:
cups-2.2.6-51.el8_8.1.src.rpm

aarch64:
cups-client-debuginfo-2.2.6-51.el8_8.1.aarch64.rpm
cups-debuginfo-2.2.6-51.el8_8.1.aarch64.rpm
cups-debugsource-2.2.6-51.el8_8.1.aarch64.rpm
cups-ipptool-debuginfo-2.2.6-51.el8_8.1.aarch64.rpm
cups-libs-2.2.6-51.el8_8.1.aarch64.rpm
cups-libs-debuginfo-2.2.6-51.el8_8.1.aarch64.rpm
cups-lpd-debuginfo-2.2.6-51.el8_8.1.aarch64.rpm

ppc64le:
cups-client-debuginfo-2.2.6-51.el8_8.1.ppc64le.rpm
cups-debuginfo-2.2.6-51.el8_8.1.ppc64le.rpm
cups-debugsource-2.2.6-51.el8_8.1.ppc64le.rpm
cups-ipptool-debuginfo-2.2.6-51.el8_8.1.ppc64le.rpm
cups-libs-2.2.6-51.el8_8.1.ppc64le.rpm
cups-libs-debuginfo-2.2.6-51.el8_8.1.ppc64le.rpm
cups-lpd-debuginfo-2.2.6-51.el8_8.1.ppc64le.rpm

s390x:
cups-client-debuginfo-2.2.6-51.el8_8.1.s390x.rpm
cups-debuginfo-2.2.6-51.el8_8.1.s390x.rpm
cups-debugsource-2.2.6-51.el8_8.1.s390x.rpm
cups-ipptool-debuginfo-2.2.6-51.el8_8.1.s390x.rpm
cups-libs-2.2.6-51.el8_8.1.s390x.rpm
cups-libs-debuginfo-2.2.6-51.el8_8.1.s390x.rpm
cups-lpd-debuginfo-2.2.6-51.el8_8.1.s390x.rpm

x86_64:
cups-client-debuginfo-2.2.6-51.el8_8.1.i686.rpm
cups-client-debuginfo-2.2.6-51.el8_8.1.x86_64.rpm
cups-debuginfo-2.2.6-51.el8_8.1.i686.rpm
cups-debuginfo-2.2.6-51.el8_8.1.x86_64.rpm
cups-debugsource-2.2.6-51.el8_8.1.i686.rpm
cups-debugsource-2.2.6-51.el8_8.1.x86_64.rpm
cups-ipptool-debuginfo-2.2.6-51.el8_8.1.i686.rpm
cups-ipptool-debuginfo-2.2.6-51.el8_8.1.x86_64.rpm
cups-libs-2.2.6-51.el8_8.1.i686.rpm
cups-libs-2.2.6-51.el8_8.1.x86_64.rpm
cups-libs-debuginfo-2.2.6-51.el8_8.1.i686.rpm
cups-libs-debuginfo-2.2.6-51.el8_8.1.x86_64.rpm
cups-lpd-debuginfo-2.2.6-51.el8_8.1.i686.rpm
cups-lpd-debuginfo-2.2.6-51.el8_8.1.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-32360
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.

RHSA-announce mailing list

Severity: Important.
LinuxSecurity.com Team

Aug 29, 2023 Important Red Hat

Red Hat Enterprise Linux 8.1 RHSA-2020:5233-01 Important Firefox Update

Red Hat Security Advisory

Synopsis: Important: firefox security update
Advisory ID: RHSA-2020:5233-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2020:5233
Issue date: 2020-11-30
CVE Names: CVE-2020-16012 CVE-2020-26951 CVE-2020-26953 CVE-2020-26956 CVE-2020-26958 CVE-2020-26959 CVE-2020-26960 CVE-2020-26961 CVE-2020-26965 CVE-2020-26968

1. Summary:

An update for firefox is now available for Red Hat Enterprise Linux 8.1 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream EUS (v. 8.1) - aarch64, ppc64le, s390x, x86_64

3. Description:

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

This update upgrades Firefox to version 78.5.0 ESR.

Security Fix(es):

* Mozilla: Parsing mismatches could confuse and bypass security sanitizer for chrome privileged code (CVE-2020-26951)
* Mozilla: Memory safety bugs fixed in Firefox 83 and Firefox ESR 78.5 (CVE-2020-26968)
* Mozilla: Variable time processing of cross-origin images during drawImage calls (CVE-2020-16012)
* Mozilla: Fullscreen could be enabled without displaying the security UI (CVE-2020-26953)
* Mozilla: XSS through paste (manual and clipboard API) (CVE-2020-26956)
* Mozilla: Requests intercepted through ServiceWorkers lacked MIME type restrictions (CVE-2020-26958)
* Mozilla: Use-after-free in WebRequestService (CVE-2020-26959)
* Mozilla: Potential use-after-free in uses of nsTArray (CVE-2020-26960)
* Mozilla: DoH did not filter IPv4 mapped IP Addresses (CVE-2020-26961)
* Mozilla: Software keyboards may have remembered typed passwords (CVE-2020-26965)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the update, Firefox must be restarted for the changes to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1898731 - CVE-2020-26951 Mozilla: Parsing mismatches could confuse and bypass security sanitizer for chrome privileged code
1898732 - CVE-2020-16012 Mozilla: Variable time processing of cross-origin images during drawImage calls
1898733 - CVE-2020-26953 Mozilla: Fullscreen could be enabled without displaying the security UI
1898734 - CVE-2020-26956 Mozilla: XSS through paste (manual and clipboard API)
1898735 - CVE-2020-26958 Mozilla: Requests intercepted through ServiceWorkers lacked MIME type restrictions
1898736 - CVE-2020-26959 Mozilla: Use-after-free in WebRequestService
1898737 - CVE-2020-26960 Mozilla: Potential use-after-free in uses of nsTArray
1898738 - CVE-2020-26961 Mozilla: DoH did not filter IPv4 mapped IP Addresses
1898739 - CVE-2020-26965 Mozilla: Software keyboards may have remembered typed passwords
1898741 - CVE-2020-26968 Mozilla: Memory safety bugs fixed in Firefox 83 and Firefox ESR 78.5

6. Package List:

Red Hat Enterprise Linux AppStream EUS (v.8.1):

Source:
firefox-78.5.0-1.el8_1.src.rpm

aarch64:
firefox-78.5.0-1.el8_1.aarch64.rpm
firefox-debuginfo-78.5.0-1.el8_1.aarch64.rpm
firefox-debugsource-78.5.0-1.el8_1.aarch64.rpm

ppc64le:
firefox-78.5.0-1.el8_1.ppc64le.rpm
firefox-debuginfo-78.5.0-1.el8_1.ppc64le.rpm
firefox-debugsource-78.5.0-1.el8_1.ppc64le.rpm

s390x:
firefox-78.5.0-1.el8_1.s390x.rpm
firefox-debuginfo-78.5.0-1.el8_1.s390x.rpm
firefox-debugsource-78.5.0-1.el8_1.s390x.rpm

x86_64:
firefox-78.5.0-1.el8_1.x86_64.rpm
firefox-debuginfo-78.5.0-1.el8_1.x86_64.rpm
firefox-debugsource-78.5.0-1.el8_1.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key

7. References:

https://access.redhat.com/security/cve/CVE-2020-16012
https://access.redhat.com/security/cve/CVE-2020-26951
https://access.redhat.com/security/cve/CVE-2020-26953
https://access.redhat.com/security/cve/CVE-2020-26956
https://access.redhat.com/security/cve/CVE-2020-26958
https://access.redhat.com/security/cve/CVE-2020-26959
https://access.redhat.com/security/cve/CVE-2020-26960
https://access.redhat.com/security/cve/CVE-2020-26961
https://access.redhat.com/security/cve/CVE-2020-26965
https://access.redhat.com/security/cve/CVE-2020-26968
https://access.redhat.com/security/updates/classification#important

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact

Copyright 2020 Red Hat, Inc.

RHSA-announce mailing list

Severity: Important.
LinuxSecurity.com Team

Nov 30, 2020 Important Red Hat

RedHat: RHSA-2020-3341-01 Important: Thunderbird Security Advisory

Red Hat Security Advisory

Synopsis: Important: thunderbird security update
Advisory ID: RHSA-2020:3341-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2020:3341
Issue date: 2020-08-06
CVE Names: CVE-2020-6463 CVE-2020-6514 CVE-2020-15652 CVE-2020-15659

1. Summary:

An update for thunderbird is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, x86_64

3. Description:

Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 68.11.0.

Security Fix(es):

* chromium-browser: Use after free in ANGLE (CVE-2020-6463)
* chromium-browser: Inappropriate implementation in WebRTC (CVE-2020-6514)
* Mozilla: Potential leak of redirect targets when loading scripts in a worker (CVE-2020-15652)
* Mozilla: Memory safety bugs fixed in Firefox 79 and Firefox ESR 68.11 (CVE-2020-15659)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of Thunderbird must be restarted for the update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1840893 - CVE-2020-6463 chromium-browser: Use after free in ANGLE
1857349 - CVE-2020-6514 chromium-browser: Inappropriate implementation in WebRTC
1861570 - CVE-2020-15652 Mozilla: Potential leak of redirect targets when loading scripts in a worker
1861572 - CVE-2020-15659 Mozilla: Memory safety bugs fixed in Firefox 79 and Firefox ESR 68.11

6. Package List:

Red Hat Enterprise Linux AppStream (v. 8):

Source:
thunderbird-68.11.0-1.el8_2.src.rpm

aarch64:
thunderbird-68.11.0-1.el8_2.aarch64.rpm
thunderbird-debuginfo-68.11.0-1.el8_2.aarch64.rpm
thunderbird-debugsource-68.11.0-1.el8_2.aarch64.rpm

ppc64le:
thunderbird-68.11.0-1.el8_2.ppc64le.rpm
thunderbird-debuginfo-68.11.0-1.el8_2.ppc64le.rpm
thunderbird-debugsource-68.11.0-1.el8_2.ppc64le.rpm

x86_64:
thunderbird-68.11.0-1.el8_2.x86_64.rpm
thunderbird-debuginfo-68.11.0-1.el8_2.x86_64.rpm
thunderbird-debugsource-68.11.0-1.el8_2.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key

7. References:

https://access.redhat.com/security/cve/CVE-2020-6463
https://access.redhat.com/security/cve/CVE-2020-6514
https://access.redhat.com/security/cve/CVE-2020-15652
https://access.redhat.com/security/cve/CVE-2020-15659
https://access.redhat.com/security/updates/classification#important

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact

Copyright 2020 Red Hat, Inc.

RHSA-announce mailing list

Severity: Important.
LinuxSecurity.com Team

Aug 06, 2020 Important Red Hat

Red Hat 8.1: RHSA-2020-3299-01 Important: python-pillow Out-of-Bounds Issue

Red Hat Security Advisory

Synopsis: Important: python-pillow security update
Advisory ID: RHSA-2020:3299-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2020:3299
Issue date: 2020-08-04
CVE Names: CVE-2020-11538

1. Summary:

An update for python-pillow is now available for Red Hat Enterprise Linux 8.1 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream EUS (v. 8.1) - aarch64, ppc64le, s390x, x86_64

3. Description:

The python-pillow packages contain a Python image processing library that provides extensive file format support, an efficient internal representation, and powerful image-processing capabilities.

Security Fix(es):

* python-pillow: out-of-bounds reads/writes in the parsing of SGI image files in expandrow/expandrow2 (CVE-2020-11538)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1852814 - CVE-2020-11538 python-pillow: out-of-bounds reads/writes in the parsing of SGI image files in expandrow/expandrow2

6. Package List:

Red Hat Enterprise Linux AppStream EUS (v. 8.1):

Source:
python-pillow-5.1.1-11.el8_1.src.rpm

aarch64:
python-pillow-debuginfo-5.1.1-11.el8_1.aarch64.rpm
python-pillow-debugsource-5.1.1-11.el8_1.aarch64.rpm
python3-pillow-5.1.1-11.el8_1.aarch64.rpm
python3-pillow-debuginfo-5.1.1-11.el8_1.aarch64.rpm
python3-pillow-tk-debuginfo-5.1.1-11.el8_1.aarch64.rpm

ppc64le:
python-pillow-debuginfo-5.1.1-11.el8_1.ppc64le.rpm
python-pillow-debugsource-5.1.1-11.el8_1.ppc64le.rpm
python3-pillow-5.1.1-11.el8_1.ppc64le.rpm
python3-pillow-debuginfo-5.1.1-11.el8_1.ppc64le.rpm
python3-pillow-tk-debuginfo-5.1.1-11.el8_1.ppc64le.rpm

s390x:
python-pillow-debuginfo-5.1.1-11.el8_1.s390x.rpm
python-pillow-debugsource-5.1.1-11.el8_1.s390x.rpm
python3-pillow-5.1.1-11.el8_1.s390x.rpm
python3-pillow-debuginfo-5.1.1-11.el8_1.s390x.rpm
python3-pillow-tk-debuginfo-5.1.1-11.el8_1.s390x.rpm

x86_64:
python-pillow-debuginfo-5.1.1-11.el8_1.x86_64.rpm
python-pillow-debugsource-5.1.1-11.el8_1.x86_64.rpm
python3-pillow-5.1.1-11.el8_1.x86_64.rpm
python3-pillow-debuginfo-5.1.1-11.el8_1.x86_64.rpm
python3-pillow-tk-debuginfo-5.1.1-11.el8_1.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2020-11538
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2020 Red Hat, Inc.

RHSA-announce mailing list

Severity: Important.
LinuxSecurity.com Team

Aug 04, 2020 Important Red Hat

Red Hat: RHSA-2020-1980 Important: Git Credential Leak Issue

Red Hat Security Advisory

Synopsis: Important: git security update
Advisory ID: RHSA-2020:1980-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2020:1980
Issue date: 2020-04-30
CVE Names: CVE-2020-11008

1. Summary:

An update for git is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64

3. Description:

Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection.

The following packages have been upgraded to a later upstream version: git (2.18.4). (BZ#1826008)

Security Fix(es):

* git: Crafted URL containing new lines, empty host or lacks a scheme can cause credential leak (CVE-2020-11008)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1826001 - CVE-2020-11008 git: Crafted URL containing new lines, empty host or lacks a scheme can cause credential leak

6. Package List:

Red Hat Enterprise Linux AppStream (v.8):

Source:
git-2.18.4-2.el8_2.src.rpm

aarch64:
git-2.18.4-2.el8_2.aarch64.rpm
git-core-2.18.4-2.el8_2.aarch64.rpm
git-core-debuginfo-2.18.4-2.el8_2.aarch64.rpm
git-daemon-2.18.4-2.el8_2.aarch64.rpm
git-daemon-debuginfo-2.18.4-2.el8_2.aarch64.rpm
git-debuginfo-2.18.4-2.el8_2.aarch64.rpm
git-debugsource-2.18.4-2.el8_2.aarch64.rpm
git-instaweb-2.18.4-2.el8_2.aarch64.rpm
git-subtree-2.18.4-2.el8_2.aarch64.rpm
git-svn-2.18.4-2.el8_2.aarch64.rpm
git-svn-debuginfo-2.18.4-2.el8_2.aarch64.rpm

noarch:
git-all-2.18.4-2.el8_2.noarch.rpm
git-core-doc-2.18.4-2.el8_2.noarch.rpm
git-email-2.18.4-2.el8_2.noarch.rpm
git-gui-2.18.4-2.el8_2.noarch.rpm
gitk-2.18.4-2.el8_2.noarch.rpm
gitweb-2.18.4-2.el8_2.noarch.rpm
perl-Git-2.18.4-2.el8_2.noarch.rpm
perl-Git-SVN-2.18.4-2.el8_2.noarch.rpm

ppc64le:
git-2.18.4-2.el8_2.ppc64le.rpm
git-core-2.18.4-2.el8_2.ppc64le.rpm
git-core-debuginfo-2.18.4-2.el8_2.ppc64le.rpm
git-daemon-2.18.4-2.el8_2.ppc64le.rpm
git-daemon-debuginfo-2.18.4-2.el8_2.ppc64le.rpm
git-debuginfo-2.18.4-2.el8_2.ppc64le.rpm
git-debugsource-2.18.4-2.el8_2.ppc64le.rpm
git-instaweb-2.18.4-2.el8_2.ppc64le.rpm
git-subtree-2.18.4-2.el8_2.ppc64le.rpm
git-svn-2.18.4-2.el8_2.ppc64le.rpm
git-svn-debuginfo-2.18.4-2.el8_2.ppc64le.rpm

s390x:
git-2.18.4-2.el8_2.s390x.rpm
git-core-2.18.4-2.el8_2.s390x.rpm
git-core-debuginfo-2.18.4-2.el8_2.s390x.rpm
git-daemon-2.18.4-2.el8_2.s390x.rpm
git-daemon-debuginfo-2.18.4-2.el8_2.s390x.rpm
git-debuginfo-2.18.4-2.el8_2.s390x.rpm
git-debugsource-2.18.4-2.el8_2.s390x.rpm
git-instaweb-2.18.4-2.el8_2.s390x.rpm
git-subtree-2.18.4-2.el8_2.s390x.rpm
git-svn-2.18.4-2.el8_2.s390x.rpm
git-svn-debuginfo-2.18.4-2.el8_2.s390x.rpm

x86_64:
git-2.18.4-2.el8_2.x86_64.rpm
git-core-2.18.4-2.el8_2.x86_64.rpm
git-core-debuginfo-2.18.4-2.el8_2.x86_64.rpm
git-daemon-2.18.4-2.el8_2.x86_64.rpm
git-daemon-debuginfo-2.18.4-2.el8_2.x86_64.rpm
git-debuginfo-2.18.4-2.el8_2.x86_64.rpm
git-debugsource-2.18.4-2.el8_2.x86_64.rpm
git-instaweb-2.18.4-2.el8_2.x86_64.rpm
git-subtree-2.18.4-2.el8_2.x86_64.rpm
git-svn-2.18.4-2.el8_2.x86_64.rpm
git-svn-debuginfo-2.18.4-2.el8_2.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2020-11008
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2020 Red Hat, Inc.

RHSA-announce mailing list

Severity: Important.
LinuxSecurity.com Team

Apr 30, 2020 Important Red Hat